CVE-2016-9100

Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information.

Published: May 11, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-9100
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
broadcom / advanced_secure_gateway	6.6	6.6.5.13
broadcom / advanced_secure_gateway	6.7	6.7.3.1
broadcom / symantec_proxysg	6.5	6.5.10.6
broadcom / symantec_proxysg	6.6	6.6.5.13
broadcom / symantec_proxysg	6.7	6.7.3.1

http://www.securityfocus.com/bid/102454
http://www.securitytracker.com/id/1040138
https://www.symantec.com/security-center/network-protection-security-advisories/SA155

Vulnerability Database

289,697

CVE-2016-9100